Help your clients protect their personal information during the holidays
During the busy holiday season, we often find ourselves multi-tasking. This is especially true when we are out of the office or home and enjoy the convenience of public Wi-Fi. Share the tips below with your policyholders to help them prevent a man-in-the-middle (MITM) attack.
MITM attacks occur when two parties engage in online activity (i.e., conversation, purchase) and another party (the malicious hacker) secretly intercepts or joins. This type of attack can exploit a transaction, a conversation or other real-time online activity. Three examples of MITM attacks include:
- Pharming – A URL of a legitimate webpage is rerouted without the visitor knowing. This type of sophisticated hacker can mirror the legitimate webpage and trick the customer into providing personal information including passwords and account numbers. While doing some holiday shopping on an open Wi-Fi network at the airport, it may be difficult to distinguish a legitimate website from one that is mirrored.
- Email Hijacking – An email account is intercepted and the hacker monitors and waits for a time they can exploit personal information. Email Hijacking can be especially damaging to businesses, including insurance agencies. Once access to a business email account is gained, access may be gained to all email accounts connected to that business and all of the information in each email. The hacker can monitor the business to identify the time of the month (or year) when the most information/money is exchanged. Once the hacker understands the patterns of your activity, they can select a time to gain the most information to exploit.
- Session Hijacking – When a customer logs onto a webpage, the hacker can join the session without detection and collect information from the cookies stored. Cookies stored on your device contain information such as your browsing history, usernames and passwords. They can also store your location. With this information, the hacker is able to assume your identity.
While outside your secured home/office Internet network, reduce your exposure by:
- Avoiding public, unencrypted Wi-Fi connections
- Being mindful of the sensitivity of information sent to clients via email
- Saving the shopping and banking for secured locations
Adam Levin, co-founder of Credit.com and Identity Theft 911, also advises:
“Always look for HTTPS in the address and the green lock near the URL of the sites you visit and think long and hard before visiting destinations like banks and the like that require or provide access to sensitive information.”
At one of the busiest times of the year, it may be tempting to use public, easy-to-access Wi-Fi connections. However, an uncompromising stance on maintaining your business and personal online security can keep a man-in-the-middle attack from getting between you and a joyful holiday season.
If you have any suspicion that you have been hacked, you may want to call your bank and other providers for advice on next steps. Ask your district sales manager about Cyber Security coverage options to protect you and your clients in the event of a breach.
Source: cyberscout.com